type rfs_access, domain; type rfs_access_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(rfs_access) #For tftp server allow rfs_access self:capability { chown setgid setpcap setuid net_bind_service }; wakelock_use(rfs_access) r_dir_file(rfs_access, vendor_firmware_file); # For tftp server file access allow rfs_access mnt_vendor_file:dir search; allow rfs_access mnt_vendor_file:file r_file_perms; allow rfs_access persist_file:dir search; allow rfs_access persist_rfs_file:dir create_dir_perms; allow rfs_access persist_rfs_file:file create_file_perms; allow rfs_access mpss_rfs_data_file:dir create_dir_perms; allow rfs_access mpss_rfs_data_file:file create_file_perms; allow rfs_access rfs_tombstone_data_file:dir create_dir_perms; allow rfs_access rfs_tombstone_data_file:file create_file_perms; allow rfs_access self:socket create_socket_perms_no_ioctl; userdebug_or_eng(` allow rfs_access wifidump_vendor_data_file:dir rw_dir_perms; allow rfs_access wifidump_vendor_data_file:file create_file_perms; ') dontaudit rfs_access kernel:system module_request;